GUIDE. Navigating the General Data Protection Regulation Mini Guide
- Gerard Page
- 5 years ago
Introduction

The General Data Protection Regulation (GDPR) will deliver a long overdue modernization and harmonization of privacy and data protection laws across the EU. It replaces legislation that was drafted before phones became smart and the cloud came to transform business. Much has been written about the penalties associated with non-compliance with the GDPR, and they can be severe. But rather than focus on fines, security professionals should think about the GDPR as a golden opportunity: a chance to focus the C-suite on the best-practice privacy and data protection practices we have been championing for years.

1. Need to know: the essential GDPR facts
2. How GDPR-ready is your organization? 10 questions to ask
3. The capabilities needed to become GDPR ready
4. Measuring security outcomes

This guide will help you prepare for the GDPR. It outlines the key facts and figures, the questions organizations should ask to help assess their stage of readiness, and a comprehensive toolkit to help develop the capabilities needed to become GDPR-ready. Finally, we offer a short reference sheet covering the key information security professionals need to be prepared.
1. Need to know: the essential GDPR facts

The General Data Protection Regulation (GDPR) was approved by the EU Parliament on 14 April 2016. It will be enforceable on 25 May 2018. The GDPR replaces the Data Protection Directive 95/46/EC and was developed to harmonize data privacy laws across Europe and strengthen rights for individuals. As a regulation (not a directive), it will apply immediately in all EU territories. There is no need for countries to pass individual laws.

The fines associated with breaching the GDPR are considerable, with the highest penalties resulting in fines of up to €20m or 4% of annual global turnover, whichever is greater.

Data protection by design is a core principle of the GDPR. This means that data protection and privacy should be a priority in all organizations, not an afterthought.

Key facts:
- 25 May 2018: GDPR is enforceable
- Replaces the outgoing Data Protection Directive 95/46/EC
- A regulation, not a directive
- Fines up to €20m or 4% of global turnover
- Data protection by design, not as an afterthought
2. How GDPR-ready is your organization?

The GDPR is a huge piece of legislation. Where does an organization start? We brought together a team of privacy, compliance, and technology experts to list the key questions any company should think about in relation to GDPR compliance. For many organizations, the questions are: Where to start? and Where do we prioritize?

Business leaders and security executives should take a critical look at their existing data security programs and then ask the 10 questions below. Account managers and pre-sales engineers should use these discovery questions in conversations about GDPR with customers.

1. Is there a culture of data security and awareness in our organization?

It's essential that all people, from executives to users, administrators, and developers, be trained, certified, and ready to foster a culture of data security and privacy by design within the organization. In many circumstances, preparing for the new regulation requires the appointment of a data protection officer, who is responsible for organizational compliance and communication with supervisory authorities. This new role and executive sponsorship are essential to positive culture change in an organization.

2. Do we know what privacy-related data we collect and where it is stored?

An overriding principle of the GDPR is data minimization: only collect the data that is required to provide goods or services. By understanding what data an organization collects, the organization is able to better focus its compliance effort rather than applying a blanket, costly approach. Secondly, you can't ensure the protection of data if you don't know the key repositories, applications, and business processes. Many data loss prevention programs fail because of this very issue. Data is everywhere today, and it is increasingly stored on mobile devices and cloud systems, creating more potential exposure to attack or misuse.

A key consideration should be to implement a continuous data discovery, inventory, and classification program that involves a cross-functional team of business data owners, security operations team members, and data security professionals.
3. Do we employ encryption for data protection?

Encryption is a key mitigating factor for accidental and malicious data loss incidents and should be employed where possible to protect data at rest or in motion, particularly on mobile devices such as laptops, as well as data uploaded to cloud services. The McAfee research report Building Trust in a Cloudy Sky [1] indicates that 74% of organizations store sensitive data in the cloud. Additionally, McAfee research on data exfiltration techniques indicates that over a third of data breaches have occurred in the cloud.

4. Is a data security project currently in place or is one planned for this year?

Establishing a data security program that includes host- and network-based control policy enforcement points is essential to prevent or detect accidental data loss or malicious data theft incidents. With the regulation coming into force in May 2018 and the complicated nature of implementing effective data security controls, organizations should allocate the necessary resources as soon as possible.

5. Do we have an existing in-house application security program?

Many enterprises develop a significant number of their business applications in-house. These applications are often internet-accessible and house private customer data. According to Verizon's 2016 Data Breach Investigations Report [2], web application attacks represent the highest incident classification pattern. As many organizations are implementing continuous DevOps, it is ever more important to build in a secure-by-design approach. Some key security controls to consider include secure coding practices and training for developers, application log collection, regular penetration testing, and perimeter network intrusion prevention systems.

6. Do we know where all of our databases are located and the types of data they store?

Databases often house the crown jewels of an organization, particularly customer-related data. However, too many organizations deploy only basic security controls, do not patch regularly because of application downtime, and rely on administrators for activity monitoring. Additionally, many databases are deployed for testing and development; production data in these creates another risk of sensitive data exposure. For GDPR readiness, you should consider key actions such as discovery of on-premises and hosted databases, review of database security procedures, deployment of additional protection against vulnerability exploitation attacks, and creation of specific database breach use cases in security operations. For third-party hosted databases, a review of contracts with the hosting companies and an assessment of their security posture is recommended.
7. How do we account for cloud software-as-a-service applications that house private data?

Used by almost every organization, cloud applications range from business apps like Salesforce to cloud storage services like Box. While the cloud provider has responsibility for infrastructure security, the organization is still responsible for protecting data and monitoring user activity. Two key GDPR-related security controls to consider here are Cloud Access Security Brokers (CASBs) and the employment of user behavior analytics that can help control access as well as identify and respond to unusual account activity.

8. How are we controlling privileges and privileged user activity, particularly with cloud services?

According to Verizon's 2016 Data Breach Investigations Report [3], privilege abuse is the top-reported type of insider threat. Insider actions are among the most difficult to detect, with the average organization taking months to discover such incidents. Additionally, cloud services are presenting an increasing attack surface: reducing, controlling, and monitoring privileged user activity is a key consideration for GDPR compliance and data protection in general.

9. What is the status of our advanced malware protection plans?

Verizon's 2016 Data Breach Investigations Report [4] found that almost 60% of malware incidents involved malware designed to steal or export data. Spear phishing is the most common way of delivering malware that gives an attacker persistent access to a system. Once inside the network, an attacker using this approach employs stolen credentials to access sensitive systems and encrypted channels to exfiltrate data. In addition to advanced malware protection at the endpoint, consider protection solutions that can inspect HTTPS, the most common exfiltration channel.

10. Does Security Operations have pre-planned data breach detection use cases?

The GDPR requires that an organization report a data breach within 72 hours. This implies the capability to identify a breach in that time frame. The recent SANS 2017 Incident Response Survey [5] found that about 84% of organizations had at least one dedicated incident response team member, but only 53% of organizations considered themselves in a mature or maturing state for incident response. However, even in mature security operations centers, data breach incidents are difficult to identify, investigate, and respond to, especially at speed. A key consideration for GDPR readiness is to consolidate security data in a SIEM and employ user and entity behavior analytics (UEBA) to identify anomalous behavior.
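As an added illustration (not code from the McAfee guide), the Python sketch below implements two of the pre-planned breach detection use cases the guide asks Security Operations to prepare: privilege abuse against a repository classified as holding private data (question 8) and an anomalous HTTPS upload volume as an exfiltration indicator (question 9). The log format, field names, thresholds and sample log lines are constructed assumptions; each alert is stamped with the four-hour scoping target and the 72-hour notification deadline that the guide cites.

```python
"""Toy SIEM use cases over constructed log lines (added example, not McAfee code).

Assumed log format (one event per line, constructed for this example):
    ts,user,role,action,resource,dst,bytes
Use case 1 (privilege abuse): an admin reads a repository tagged as holding
    private data outside the assumed normal working hours.
Use case 2 (exfiltration): a user's hourly HTTPS upload volume exceeds a
    multiple of that user's own earlier hourly average.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed classification tags and thresholds (assumptions, not from the guide).
PRIVATE_DATA_REPOS = {"db-customers", "hr-share"}
WORK_HOURS = range(7, 20)      # 07:00-19:59 UTC assumed normal for admin reads
EXFIL_FACTOR = 5.0             # >5x the user's own hourly baseline is anomalous
MIN_BASELINE_BYTES = 1_000_000 # floor so tiny baselines do not cause noise


@dataclass
class Alert:
    use_case: str
    ts: datetime
    user: str
    detail: str

    @property
    def scope_by(self) -> datetime:
        # Guide's process target: isolate and scope the breach within four hours.
        return self.ts + timedelta(hours=4)

    @property
    def notify_by(self) -> datetime:
        # GDPR: report the breach to the authority within 72 hours.
        return self.ts + timedelta(hours=72)


def parse_log(text: str) -> list:
    """Parse the constructed CSV-style log into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, role, action, resource, dst, nbytes = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "role": role, "action": action, "resource": resource,
                       "dst": dst, "bytes": int(nbytes)})
    return events


def detect_privilege_abuse(events: list) -> list:
    """Admin read of a private-data repository outside working hours."""
    alerts = []
    for e in events:
        if (e["role"] == "admin" and e["action"] == "read"
                and e["resource"] in PRIVATE_DATA_REPOS
                and e["ts"].hour not in WORK_HOURS):
            alerts.append(Alert("privilege-abuse", e["ts"], e["user"],
                                f"admin read of {e['resource']} at {e['ts'].isoformat()}"))
    return alerts


def detect_exfiltration(events: list) -> list:
    """Hourly HTTPS upload volume far above the user's own earlier hours."""
    hourly = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == "upload" and e["dst"].startswith("https://"):
            bucket = e["ts"].replace(minute=0, second=0, microsecond=0)
            hourly[e["user"]][bucket] += e["bytes"]
    alerts = []
    for user, buckets in hourly.items():
        ordered = sorted(buckets.items())
        for i, (bucket, volume) in enumerate(ordered):
            prior = [v for _, v in ordered[:i]]
            if len(prior) < 2:          # need some history before judging
                continue
            baseline = max(sum(prior) / len(prior), MIN_BASELINE_BYTES)
            if volume > EXFIL_FACTOR * baseline:
                alerts.append(Alert("exfiltration", bucket, user,
                                    f"{volume} bytes over HTTPS vs baseline {baseline:.0f}"))
    return alerts


# Constructed sample log: bob reads the customer DB at 02:13 and uploads ~75 MB.
SAMPLE_LOG = """
2018-05-24T09:05:00+00:00,alice,user,upload,report.pdf,https://box.example,2000000
2018-05-24T10:12:00+00:00,alice,user,upload,slides.pptx,https://box.example,3000000
2018-05-24T11:30:00+00:00,bob,admin,read,db-customers,-,0
2018-05-24T15:00:00+00:00,bob,admin,upload,backup.tgz,https://box.example,1000000
2018-05-25T09:00:00+00:00,bob,admin,upload,notes.txt,https://box.example,1200000
2018-05-25T14:02:00+00:00,alice,user,upload,notes.txt,https://box.example,1500000
2018-05-26T02:13:00+00:00,bob,admin,read,db-customers,-,0
2018-05-26T02:40:00+00:00,bob,admin,upload,export.zip,https://cdn.example,40000000
2018-05-26T02:41:00+00:00,bob,admin,upload,export2.zip,https://cdn.example,35000000
"""


def run_use_cases(log_text: str) -> list:
    events = parse_log(log_text)
    return sorted(detect_privilege_abuse(events) + detect_exfiltration(events),
                  key=lambda a: a.ts)


if __name__ == "__main__":
    for a in run_use_cases(SAMPLE_LOG):
        print(f"[{a.use_case}] {a.user}: {a.detail}; scope by {a.scope_by.isoformat()}, "
              f"notify authority by {a.notify_by.isoformat()}")
```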
3. The capabilities needed to become GDPR ready

Getting ready for the GDPR is really about changing organizational culture as it relates to privacy, personal data protection, and cybersecurity in general. You can explore the background to this in more detail on the Securing Tomorrow blog. The organizational capabilities needed can be looked at in four main ways: governance, people, processes, and technology. We'll cover cybersecurity in more depth. The capabilities below span protection, detection, and correction.

Governance
- Establish executive awareness and board-level support for cybersecurity and data protection
- Establish a security operations center and staff for 24/7 activity
- Appoint a data protection officer with appropriate authority to enforce compliance standards, to the extent that is necessary
- Design a continuous compliance monitoring and assessment program for proactive compliance checks
- Establish an information security management program based on industry-accepted frameworks (NIST, ISO 27001, SABSA) and controls (SANS, etc.)
- Foster a positive and collaborative culture of data security with employees and business partners
- Embed incident response and data protection language into cloud service provider and third-party supplier agreements

People
- Train and certify application developers on secure coding practices
- Train and certify end users on data protection
- Train and certify domain and technology administrators on secure configurations, responsibilities, and best practices
- Train all users and administrators on data breach reporting procedures and responsibilities
- Train and certify incident handlers on data breach reporting and handling requirements
- Develop coaching mechanisms for positive reinforcement of data protection policies
- Establish a link between human resources and security for data protection policy violation handling
- Establish a crisis action team to manage breach response actions

Processes
- Establish a continuous application security testing process
- Perform regular scans for databases and other sensitive data repositories
- Embed data protection language into cloud provider and other third-party supplier agreements
- Continuously review privileges and access rights to sensitive data repositories and applications
- Develop a continuous data classification program
- Continuously monitor data-at-rest encryption status across endpoints, data center, and cloud servers
- Develop breach detection and response playbooks to identify accidental or malicious data loss scenarios
- Continuously monitor for data breach scenarios
- Develop reporting procedures to report data breaches to authorities within the required timeline
- Embed incident detection language into cloud provider and other third-party supplier agreements
- Exercise the crisis action team at least once per year
- Develop response actions to isolate and fully understand the scope of a breach within four hours
- Develop a continuously monitored vulnerability correction system for DevOps
- Develop response action playbooks and rehearsals incorporating IT, SecOps, HR, PR, executive leadership, and business unit representatives

Technology
- Advanced anti-malware solutions using signatures, intelligence, and behavioral analysis capability across end-user devices and servers
- Encryption for data at rest on end-user devices, servers, and databases
- Intrusion prevention systems for workload and application security
- Network data loss prevention for data-in-motion security
- Endpoint data loss prevention for data-in-use and in-motion security on end-user devices
- Database Activity Monitoring to protect enterprise applications from exploits
- Cloud Web Security Gateways for mobile data and threat prevention
- Cloud Security Brokers to provide visibility and control of data in SaaS applications
- Central visibility and policy management for data loss prevention and encryption tools
- Security Information and Event Management system for real-time incident detection and forensics
- Log collection system with capacity for at least six months and up to one year of storage for critical sensor and data sources
- Secure evidence repository for data loss incident investigations
- Endpoint detection and response tools with traffic and user activity history for incident triage
- User behavior analytics to identify suspicious activity on enterprise and cloud applications
- Automated policy-based encryption for data in motion on email, web, and cloud traffic
- Response action tools capable of host, network, application, data, and user isolation to contain a breach
4. Measuring security outcomes

The table below provides a more comprehensive view of the key capabilities needed to meet the security outcomes of a GDPR-ready organization. Each outcome is broken down into protection, detection, and correction capabilities.

Neutralize Threats
  Protection:
  - Prevent known or unknown malware installation on end-user devices, databases, and servers
  - Prevent application exploits that lead to unauthorized access and data loss
  - Limit and control end-user and administrator privileges
  Detection:
  - Identify, investigate, and validate malware infections wherever they occur
  - Identify, investigate, and validate exploit attempts on applications that host private data
  - Identify, investigate, and validate exploit attempts on databases that host private data
  Correction:
  - Automatically share malware intelligence across sensors and control points
  - Isolate infected hosts or systems using pre-planned response and automated actions
  - Block malicious files on endpoints, network, and web channels using automated actions
  - Block command and control activity across network, web, or other channels using automated actions
  - Remove indicators of compromise from infected hosts or rebuild to prevent reinfection

Protect Data
  Protection:
  - Use automated discovery and classification tools to identify and mark private data
  - Protect private data in use, at rest, or in motion from accidental or policy-based loss incidents
  - Protect private data in use, at rest, or in motion from malicious loss incidents
  - Prevent exfiltration of private data to known or unknown locations
  - Prevent unauthorized access to private data
  - Use automated encryption to identify and protect data in motion
  Detection:
  - Identify, investigate, and validate policy-based data loss incidents
  - Identify, investigate, and validate malicious data exfiltration attempts
  - Identify, investigate, and validate exploit attempts on databases that host private data
  - Identify, investigate, and validate unauthorized access attempts to applications, databases, or servers that host private data
  Correction:
  - Automatically share data intelligence across sensors and control points
  - Isolate infected hosts or systems using pre-planned response and automated actions
  - Isolate user privileges and access to private data using pre-planned response and automated actions
  - Use automated encryption to identify and correct potential data loss scenarios

Protect Cloud Environments
  Protection:
  - Use automated discovery and classification tools to identify cloud applications and mark private data
  - Prevent known or unknown malware installation on cloud infrastructure-as-a-service servers
  - Prevent exploitation of cloud-hosted applications on infrastructure or platform
  - Protect private data in use, at rest, or in motion from accidental or malicious data loss incidents on cloud-hosted applications
  Detection:
  - Identify, investigate, and validate unauthorized access to cloud-based services
  - Identify, investigate, and validate breaches of private data security controls on software-as-a-service applications
  - Identify, investigate, and validate breaches of private data security controls on hosted applications
  Correction:
  - Automatically share data and malware intelligence across sensors and control points
  - Isolate infected hosts or systems using pre-planned response and automated actions
  - Isolate user privileges and access to private data using pre-planned response and automated actions
  - Use automated encryption to identify and correct potential data loss scenarios involving cloud applications

Optimize Security Operations
  Protection:
  - Continuously scan to identify and classify private data and data repositories
  - Continuously reduce the attack surface for vulnerability and application exploits through patching and vulnerability scanning
  - Continuously monitor protection control status across all managed end-user devices, databases, and servers
  Detection:
  - Continuously monitor for indicators of compromise, particularly command and control activity
  - Continuously monitor for breaches of private data security controls
  - Continuously monitor for unauthorized access or privilege abuse attempts on systems with private data
  Correction:
  - Use automation and integrated technologies to adapt security postures to prevent reinfection and private data exposure
  - Use automation and integrated technologies to quickly triage suspected infections, insider activity, or data loss indicators
Summary

Getting ready for the GDPR will be on the minds of many enterprise business and security executives this year. Business executives and organizational security officers must prioritize investments and implement new programs or solutions that ensure the business is ready for the enhanced regulatory environment. McAfee has a wide-ranging and deep capability for the requirements of the GDPR that protects data at rest and data in transit as well as providing visibility within the cloud. To find out more, visit mcafee.com/gdpr

References
1. McAfee, Building Trust in a Cloudy Sky
2. Verizon, 2016 Data Breach Investigations Report
3. Ibid.
4. Ibid.
5. SANS, 2017 Incident Response Survey

Disclaimer

This guide is our informed interpretation of the EU General Data Protection Regulation, is for information purposes only, and does not constitute legal advice or advice on how to achieve operational privacy and security. It is not incorporated into any contract and does not commit, promise, or create any legal obligation to deliver any code, result, material, or functionality. Furthermore, the information provided herein is subject to change without notice, and is provided AS IS without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. If you require legal advice on the requirements of the General Data Protection Regulation, or any other law, or advice on the extent to which McAfee technologies can assist you to achieve compliance with the Regulation or any other law, you are advised to consult a suitably qualified legal professional. If you require advice on the nature of the technical and organizational measures that are required to deliver operational privacy and security in your organization, you should consult a suitably qualified privacy and/or security professional. No liability is accepted to any party for any harms or losses suffered in reliance on the contents of this publication.
About McAfee

McAfee is one of the world's leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place. By building solutions that work with other companies' products, McAfee helps businesses orchestrate cyber environments that are truly integrated, where protection, detection, and correction of threats happen simultaneously and collaboratively. By protecting consumers across all their devices, McAfee secures their digital lifestyle at home and away. By working with other security players, McAfee is leading the effort to unite against cybercriminals for the benefit of all.

Mission College Blvd, Santa Clara, CA

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. 3582_0917_gd-gdpr-mini-guide SEPTEMBER
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationThe CERT Top 10 List for Winning the Battle Against Insider Threats
The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:
More informationSecurity and Compliance for Office 365
Security and Compliance for Office 365 [Proofpoint has] given us our time back to focus on the really evil stuff. CISO, Global 500 Manufacturer Like millions of businesses around the world, you may be
More informationSOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE
HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationSustainable Security Operations
Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,
More informationto Enhance Your Cyber Security Needs
Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationAltitude Software. Data Protection Heading 2018
Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationDelivering Integrated Cyber Defense for the Cloud Generation Darren Thomson
Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationForensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services
Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More informationMcAfee Advanced Threat Defense
Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike
More informationGlobal Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality
Global Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality McAfee provides a trusted partnership for this agencies security infrastructure MAUSER Group Customer Profile Global
More informationCYBER INSURANCE: MANAGING THE RISK
CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt
More informationMcAfee Database Security Insights
McAfee Database Security Insights Managing the multitude of alerts, reports, and events and sometimes finding the proverbial needle in a haystack is challenging. Monitoring the activity on busy enterprise
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationData Loss Prevention Best Practices for Healthcare
Data Loss Prevention Best Practices for Healthcare The perils of data loss 1 Data Loss Prevention Best Practices for Healthcare Data Loss Prevention Best Practices for Healthcare The perils of data loss
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationSecuring Your Most Sensitive Data
Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationThreat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES
Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES Agenda Welcome Threat Intelligence EcoSystem Cyber Resiliency
More informationMcAfee Skyhigh Security Cloud for Citrix ShareFile
McAfee Skyhigh Security Cloud for Citrix ShareFile McAfee Skyhigh Security Cloud for Citrix ShareFile helps organizations securely accelerate their business by providing industry-best Data Loss Prevention
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationHow to Prepare a Response to Cyber Attack for a Multinational Company.
You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,
More informationSecurity. Made Smarter.
Security. Made Smarter. Your job is to keep your organization safe from cyberattacks. To do so, your team has to review a monumental amount of data that is growing exponentially by the minute. Your team
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationFrom Managed Security Services to the next evolution of CyberSoc Services
From Managed Security Services to the next evolution of CyberSoc Services Gianluca Busco Arré Country Manager pandasecurity.com MSSP / MDR Where the Industry is going leaders and laggers MSSP industry
More informationWhite Paper. How to Write an MSSP RFP
White Paper How to Write an MSSP RFP https://www.solutionary.com (866) 333-2133 Contents 3 Introduction 3 Why a Managed Security Services Provider? 5 Major Items to Consider Before Writing an RFP 5 Current
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationMcAfee Endpoint Security
McAfee Endpoint Security Frequently Asked Questions Overview You re facing new challenges in light of the increase of advanced malware. Limited integration between threat detection, network, and endpoint
More informationThe Insider Threat Center: Thwarting the Evil Insider
The Insider Threat Center: Thwarting the Evil Insider The CERT Top 10 List for Winning the Battle Against Insider Threats Randy Trzeciak 14 June 2012 2007-2012 Carnegie Mellon University Notices 2011 Carnegie
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationBUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY
SOLUTION OVERVIEW BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY Every organization is exploring how technology can help it disrupt current operating models, enabling it to better serve
More informationDATA BREACH NUTS AND BOLTS
DATA BREACH NUTS AND BOLTS Your Company Has Been Hacked Now What? January 20, 2016 Universal City, California Sponsored by Hogan Lovells Moderator: Stephanie Yonekura, Hogan Lovells #IHCC16 Panelists:
More informationData Sheet The PCI DSS
Data Sheet The PCI DSS Protect profits by managing payment card risk IT Governance is uniquely qualified to provide Payment Card Industry (PCI) services. Our leadership in cyber security and technical
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationBig data privacy in Australia
Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that
More informationCloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.
George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security
More informationSecuring Office 365 with SecureCloud
Securing Office 365 with SecureCloud 1 Introduction Microsoft Office 365 has become incredibly popular because of the mobility and collaboration it enables. With Office 365, companies always have the latest
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationProtect Your End-of-Life Windows Server 2003 Operating System
Protect Your End-of-Life Windows Server 2003 Operating System Your guide to mitigating risks in your Windows Server 2003 Systems after the end of support End of Support is Not the End of Business When
More informationINTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.
2019 SIEM REPORT INTRODUCTION Security Information and Event Management (SIEM) is a powerful technology that allows security operations teams to collect, correlate and analyze log data from a variety of
More informationHIPAA Regulatory Compliance
Secure Access Solutions & HIPAA Regulatory Compliance Privacy in the Healthcare Industry Privacy has always been a high priority in the health profession. However, since the implementation of the Health
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More information